Created Example hook script using dns-01 with nsupdate (markdown)

2026-03-23 09:31:00 +01:00 · 2016-01-31 16:14:49 +01:00
parent a01d36b17d
commit 7172af10e1
1 changed files with 49 additions and 0 deletions
--- a/Example-hook-script-using-dns-01-with-nsupdate.md
+++ b/Example-hook-script-using-dns-01-with-nsupdate.md
@@ -0,0 +1,49 @@
+# Example hook script using **Dynamic DNS update utility** for _dns-01_ challenge
+
+This hook script uses the nsupdate utility from the bind package to solve dns-01 challenges.
+
+## Code
+
+```bash
+#!/usr/bin/env bash
+
+#
+# Example how to deploy a DNS challange using nsupdate
+#
+
+set -e
+set -u
+set -o pipefail
+umask 077
+
+updatefile="$(mktemp)"
+
+NSUPDATE="nsupdate -k /path/to/Kdnsupdatekey.private"
+done="no"
+
+if [[ "$1" = "deploy_challenge" ]]; then
+    printf "update add _acme-challenge.%s. 300 in TXT \"%s\"\n\n" "${2}" "${4}" > "${updatefile}"
+    $NSUPDATE "${updatefile}"
+    done="yes"
+fi
+
+if [[ "$1" = "clean_challenge" ]]; then
+    printf "update delete _acme-challenge.%s. 300 in TXT \"%s\"\n\n" "${2}" "${4}" > "${updatefile}"
+    $NSUPDATE "${updatefile}"
+    done="yes"
+fi
+
+if [[ "${1}" = "deploy_cert" ]]; then
+    # do nothing for now
+    done="yes"
+fi
+
+rm -f "${updatefile}"
+
+if [[ ! "${done}" = "yes" ]]; then
+    echo Unkown hook "${1}"
+    exit 1
+fi
+
+exit 0
+```